Пример #1
        /// <summary>
        /// Parses the sample receipt QR code, converts its certificate serial from hex to decimal,
        /// and checks that the A-Trust lookup for that serial returns the expected certificate.
        /// </summary>
        public void LookupATrustCertificateTest()
        {
            ReceiptQrCode qrCode = new ReceiptQrCode(QRCODE1);

            // The QR code carries the serial as a hex string; the lookup takes it as a decimal int.
            int serial = Convert.ToInt32(qrCode.CertificateSerial, 16);
            Assert.Equal(2065058440, serial);

            // Fetch the certificate for that serial and compare its Base64 form with the pinned sample.
            // NOTE(review): presumably this calls the live A-Trust service, confirm before running offline.
            var lookup = CertificateLookup.ATrust(serial);
            Assert.Equal(CERT64ENCODED, Convert.ToBase64String(lookup.CertificateBinary));
        }
Пример #2
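        /// <summary>
        /// HTTP-triggered function that checks an ECDSA signature over a caller-supplied hash, using the
        /// public key of the certificate returned by the A-Trust lookup for the requested certificate number.
        /// </summary>
        /// <param name="req">Incoming request; its body is parsed as JSON into <c>VerificationParameters</c>.</param>
        /// <param name="log">Trace writer supplied by the Functions host.</param>
        /// <returns>
        /// 200 with the boolean verification result; 400 when the body, signature or hash is malformed;
        /// 404 when the lookup yields no usable certificate or the certificate has no ECDSA public key.
        /// </returns>
        /// <remarks>
        /// Every field of the request body is untrusted and is validated before the outbound lookup is made.
        /// A <c>true</c> result only states that the signature matches the key in the looked-up certificate.
        /// This method does not validate that certificate (chain, validity period, revocation).
        /// </remarks>
        public static IActionResult Run([HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req, TraceWriter log)
        {
            // TODO: Proper error handling, proper monitoring (Application Insights)
            log.Info("C# HTTP trigger function processed a request.");

            // The reader is deliberately not disposed: that would close req.Body, which the host owns.
            // NOTE(review): the body is read in full; any size limit is whatever the host enforces.
            string requestBody = new StreamReader(req.Body).ReadToEnd();

            VerificationParameters data;
            try
            {
                data = JsonConvert.DeserializeObject<VerificationParameters>(requestBody);
            }
            catch (Newtonsoft.Json.JsonException)
            {
                return new BadRequestObjectResult("Request body is not valid JSON");
            }

            // An empty body (e.g. a plain GET) deserializes to null rather than throwing.
            if (data == null)
            {
                return new BadRequestObjectResult("Request body is missing");
            }

            // Short-circuit before any lookup if the signature cannot be valid anyway.
            if (!TryDecodeBase64(data.Signature, out byte[] signature))
            {
                return new BadRequestObjectResult("Signature is not valid Base64");
            }

            // The endpoint only accepts 64-byte signatures.
            // NOTE(review): presumably raw r||s for a 256-bit curve, confirm.
            if (64 != signature.Length)
            {
                return new BadRequestObjectResult("Signature is not 64 bytes in length");
            }

            // Decode the hash up front so a malformed request never triggers the outbound certificate lookup.
            // NOTE(review): the hash length is not checked against the digest size the signature scheme expects.
            if (!TryDecodeBase64(data.HashToVerify, out byte[] hash))
            {
                return new BadRequestObjectResult("HashToVerify is not valid Base64");
            }

            // TODO: A-Trust hardcoded, would be data.Authority switch
            // TODO: Here we would be adding the caching logic for the certificates (hash of authority & cert# for lookup)
            var certificateLookupResult = CertificateLookup.ATrust(data.CertificateNumber);

            // TODO: also check certificateLookupResult.Found; until then treat a missing binary as "not found".
            byte[] certificateBinary = certificateLookupResult.CertificateBinary;
            if (certificateBinary == null || certificateBinary.Length == 0)
            {
                return new NotFoundResult();
            }

            X509Certificate2 cert;
            try
            {
                cert = new X509Certificate2(certificateBinary);
            }
            catch (CryptographicException)
            {
                // The lookup returned bytes that do not parse as a certificate.
                return new NotFoundResult();
            }

            // https://stackoverflow.com/a/38235996/141927
            using (cert)
            using (ECDsa ecdsa = cert.GetECDsaPublicKey())
            {
                // GetECDsaPublicKey returns null when the certificate's key is not an ECDSA key.
                if (ecdsa == null)
                {
                    return new NotFoundResult();
                }

                bool valid = ecdsa.VerifyHash(hash, signature);
                return new OkObjectResult(valid);
            }
        }

        /// <summary>Decodes a Base64 string, reporting failure instead of throwing on null, empty or malformed input.</summary>
        private static bool TryDecodeBase64(string text, out byte[] bytes)
        {
            bytes = null;
            if (string.IsNullOrEmpty(text))
            {
                return false;
            }

            try
            {
                bytes = Convert.FromBase64String(text);
                return true;
            }
            catch (FormatException)
            {
                return false;
            }
        }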